fix: make sure region field is required on other components (#3625)

Signed-off-by: Samantha Coyle <sam@diagrid.io>

.build-tools/builtin-authentication-profiles.yaml

@@ -5,9 +5,18 @@ aws:
     metadata:
       - name: region
         type: string
-        required: true
+        required: false
         description: |
           The AWS Region where the AWS resource is deployed to.
+          This will be marked required in Dapr 1.17.
+        example: '"us-east-1"'
+      - name: awsRegion
+        type: string
+        required: false
+        description: |
+          This maintains backwards compatibility with existing fields. 
+          It will be deprecated as of Dapr 1.17. Use 'region' instead.
+          The AWS Region where the AWS resource is deployed to.
         example: '"us-east-1"'
       - name: accessKey
         description: AWS access key associated with an IAM account
@@ -20,11 +29,13 @@ aws:
         sensitive: true
         example: '"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"'
       - name: sessionToken
+        type: string
         required: false
         sensitive: true
         description: |
           AWS session token to use. A session token is only required if you are using
           temporary security credentials.
+        example: '"TOKEN"'
   - title: "AWS: Assume IAM Role"
     description: |
       Assume a specific IAM role. Note: This is only supported for Kafka and PostgreSQL.

.build-tools/pkg/metadataschema/builtin-authentication-profiles.go

@@ -32,25 +32,17 @@ func ParseBuiltinAuthenticationProfile(bi BuiltinAuthenticationProfile, componen
 	for i, profile := range profiles {
 		res[i] = profile
 
-		// convert slice to a slice of pointers to update in place for required -> non-required fields
-		metadataPtr := make([]*Metadata, len(profile.Metadata))
-		for j := range profile.Metadata {
-			metadataPtr[j] = &profile.Metadata[j]
-		}
+		// deep copy the metadata slice to avoid side effects when manually updating some req -> non-req fields to deprecate some fields for kafka/postgres
+		// TODO: rm all of this manipulation in Dapr 1.17!!
+		originalMetadata := profile.Metadata
+		metadataCopy := make([]Metadata, len(originalMetadata))
+		copy(metadataCopy, originalMetadata)
 
 		if componentTitle == "Apache Kafka" || strings.ToLower(componentTitle) == "postgresql" {
-			removeRequiredOnSomeAWSFields(&metadataPtr)
+			removeRequiredOnSomeAWSFields(&metadataCopy)
 		}
 
-		// convert back to value slices for merging
-		updatedMetadata := make([]Metadata, 0, len(metadataPtr))
-		for _, ptr := range metadataPtr {
-			if ptr != nil {
-				updatedMetadata = append(updatedMetadata, *ptr)
-			}
-		}
-
-		merged := mergedMetadata(bi.Metadata, updatedMetadata...)
+		merged := mergedMetadata(bi.Metadata, metadataCopy...)
 
 		// Note: We must apply the removal of deprecated fields after the merge!!
 
@@ -92,12 +84,14 @@ func mergedMetadata(base []Metadata, add ...Metadata) []Metadata {
 // We normally have accessKey, secretKey, and region fields marked required as it is part of the builtin AWS auth profile fields.
 // However, as we rm the aws prefixed ones, we need to then mark the normally required ones as not required only for postgres and kafka.
 // This way we do not break existing users, and transition them to the standardized fields.
-func removeRequiredOnSomeAWSFields(metadata *[]*Metadata) {
+func removeRequiredOnSomeAWSFields(metadata *[]Metadata) {
 	if metadata == nil {
 		return
 	}
 
-	for _, field := range *metadata {
+	for i := range *metadata {
+		field := &(*metadata)[i]
+
 		if field == nil {
 			continue
 		}
@@ -125,6 +119,10 @@ func removeSomeDeprecatedFieldsOnUnrelatedAuthProfiles(metadata []Metadata) []Me
 	filteredMetadata := []Metadata{}
 
 	for _, field := range metadata {
+		// region is required in Assume Role auth profile, so this is needed for now.
+		if field.Name == "region" {
+			field.Required = true
+		}
 		if field.Name == "awsAccessKey" || field.Name == "awsSecretKey" || field.Name == "awsSessionToken" || field.Name == "awsRegion" {
 			continue
 		} else {

bindings/kafka/metadata.yaml

@@ -29,14 +29,6 @@ builtinAuthenticationProfiles:
         example: '"awsiam"'
         allowedValues:
           - "awsiam"
-      - name: awsRegion
-        type: string
-        required: false
-        description: |
-          This maintains backwards compatibility with existing fields. 
-          It will be deprecated as of Dapr 1.17. Use 'region' instead.
-          The AWS Region where the AWS service is deployed to.
-        example: '"us-east-1"'
       - name: awsAccessKey
         type: string
         required: false

bindings/postgres/metadata.yaml

@@ -73,14 +73,6 @@ builtinAuthenticationProfiles:
           If both fields are set, then 'secretKey' value will be used.
           The secret key associated with the access key.
         example: '"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"'
-      - name: awsRegion
-        type: string
-        required: false
-        description: |
-          This maintains backwards compatibility with existing fields. 
-          It will be deprecated as of Dapr 1.17. Use 'region' instead.
-          The AWS Region where the AWS service is deployed to.
-        example: '"us-east-1"'
 authenticationProfiles:
   - title: "Connection string"
     description: "Authenticate using a Connection String"

configuration/postgres/metadata.yaml

@@ -63,14 +63,6 @@ builtinAuthenticationProfiles:
           If both fields are set, then 'secretKey' value will be used.
           The secret key associated with the access key.
         example: '"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"'
-      - name: awsRegion
-        type: string
-        required: false
-        description: |
-          This maintains backwards compatibility with existing fields. 
-          It will be deprecated as of Dapr 1.17. Use 'region' instead.
-          The AWS Region where the AWS service is deployed to.
-        example: '"us-east-1"'
 authenticationProfiles:
   - title: "Connection string"
     description: "Authenticate using a Connection String."

pubsub/kafka/metadata.yaml

@@ -23,14 +23,6 @@ builtinAuthenticationProfiles:
         example: '"awsiam"'
         allowedValues:
           - "awsiam"
-      - name: awsRegion
-        type: string
-        required: false
-        description: |
-          This maintains backwards compatibility with existing fields. 
-          It will be deprecated as of Dapr 1.17. Use 'region' instead.
-          The AWS Region where the AWS service is deployed to.
-        example: '"us-east-1"'
       - name: awsAccessKey
         type: string
         required: false

state/postgresql/v1/metadata.yaml

@@ -70,14 +70,6 @@ builtinAuthenticationProfiles:
           If both fields are set, then 'secretKey' value will be used.
           The secret key associated with the access key.
         example: '"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"'
-      - name: awsRegion
-        type: string
-        required: false
-        description: |
-          This maintains backwards compatibility with existing fields. 
-          It will be deprecated as of Dapr 1.17. Use 'region' instead.
-          The AWS Region where the AWS service is deployed to.
-        example: '"us-east-1"'
 authenticationProfiles:
   - title: "Connection string"
     description: "Authenticate using a Connection String"

state/postgresql/v2/metadata.yaml

@@ -69,14 +69,6 @@ builtinAuthenticationProfiles:
           If both fields are set, then 'secretKey' value will be used.
           The secret key associated with the access key.
         example: '"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"'
-      - name: awsRegion
-        type: string
-        required: false
-        description: |
-          This maintains backwards compatibility with existing fields. 
-          It will be deprecated as of Dapr 1.17. Use 'region' instead.
-          The AWS Region where the AWS service is deployed to.
-        example: '"us-east-1"'
 authenticationProfiles:
   - title: "Connection string"
     description: "Authenticate using a Connection String"